Horus: Fine-Grained Encryption-Based Security for Large-Scale Storage

Introduction

With the growing use of large-scale distributed systems, the likelihood that any one particular node is compromised is becoming higher. As a result, the need for a distributed data security solution is critical. Examples of large-scale sensitive data include geographic data with defense implications, drug modeling, oil exploration, and private genomic data. Nevertheless, many high performance computing (HPC), cloud, or secure content delivery network (SCDN) systems that handle such data still store it unencrypted or use simple encryption schemes, relying heavily on physical isolation to ensure confidentiality. They provide little protection against compromised computers or malicious insiders. Moreover, current encryption solutions can't provide fine-grained encryption for large datasets efficiently.

Our approach, Horus, encrypts large datasets using keyed hash trees (KHT) to generate different keys for each region of the dataset, providing fine-grained security. KHT also reduces key management and distribution overhead. The design of Horus provides end-to-end data encryption and can reduce the need to trust system operators or cloud service providers. Horus requires little modification to existing systems and user applications. Performance evaluation shows that our prototype's key distribution is highly scalable and robust: a single key server can provide 140,000 keys per second, theoretically enough to sustain more than 100GB/s I/O throughput. Multiple key servers can efficiently operate in parallel to support load balancing and reliability.
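The per-region key derivation described above can be sketched as follows. This is an added example, not code from the Horus prototype: HMAC-SHA256 as the keyed hash, the three-level layout in BLOCK_SIZES, the label encoding, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed layout: bytes covered by one node at each tree level (root first).
BLOCK_SIZES = [2**32, 2**24, 2**12]


def child_key(parent_key: bytes, level: int, index: int) -> bytes:
    """Key of node (level, index), bound to its position by a keyed hash."""
    label = level.to_bytes(4, "big") + index.to_bytes(8, "big")
    return hmac.new(parent_key, label, hashlib.sha256).digest()


def derive_key(held_key, held_level, held_index, level, index):
    """Derive the key of node (level, index) from a key held higher in the tree."""
    if not 0 <= held_level <= level < len(BLOCK_SIZES):
        raise ValueError("target must be at or below the held node")
    offset = index * BLOCK_SIZES[level]  # first byte covered by the target
    # Local sanity check only. The real protection is that the keyed hash is
    # one-way, so a region key cannot be turned into a parent or sibling key.
    if offset // BLOCK_SIZES[held_level] != held_index:
        raise ValueError("target region is outside the held subtree")
    key = held_key
    for lvl in range(held_level + 1, level + 1):
        key = child_key(key, lvl, offset // BLOCK_SIZES[lvl])
    return key


def demo():
    root = bytes(32)  # constructed all-zero root key, for illustration only
    region3 = derive_key(root, 0, 0, 1, 3)  # key handed to a client
    leaf_via_root = derive_key(root, 0, 0, 2, 12293)
    leaf_via_region = derive_key(region3, 1, 3, 2, 12293)
    try:
        derive_key(region3, 1, 3, 2, 100)  # leaf 100 lies in region 0
        outside_refused = False
    except ValueError:
        outside_refused = True
    return leaf_via_root == leaf_via_region, outside_refused


if __name__ == "__main__":
    print(demo())
```

A client given only the level-1 key for region 3 derives the same leaf keys the root holder would, while the key server distributes one key per delegated region instead of one per block.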

People

Faculty

  • Ethan L. Miller
  • Darrell D. E. Long

Postdoctoral Associates

  • Yasuhiro Ohara

Students

  • Yan Li
  • Nakul Sanjay Dhotre

Associates

  • Thomas M. Kroeger

Source Code

This is the release of our Horus prototype. It's a prototype for evaluation and research purposes only. Copyright ©2012, 2013, 2014, 2015, 2016, The Regents of the University of California. Horus is released under the 3-clause BSD license unless otherwise noted in the source code file. If you make improvements to Horus, please consider contributing your patches to us to make Horus better!

The source code of Horus can be found at the Horus GitHub repository. You may want to download the following bundle release instead, since it also includes other dependencies.

Releases

This bundle contains everything that is needed for building and benchmarking Horus on a Linux system. This bundle supports MPIIO with Lustre. It includes the IOR benchmark.

This bundle has been developed and tested on Red Hat Enterprise Linux 6 and Fedora 14 x86-64, although it doesn't require any Red Hat / Fedora-specific features and should work on any modern Linux distribution, perhaps with a few small tweaks. Compiler and build tools are only needed for building the package. Once compiled, the whole bundle has few dependencies and can be distributed and run on a minimal Linux system.

Please read the README file in the bundle for detailed information.

Publications

Contacts

We welcome feedback and comments! For further information or feedback, please contact Yan Li. Thanks for trying Horus!

Last modified 18 Apr 2016